In this edition of Talks We Like, we are highlighting John Willis' talk "The Divine and Felonious Nature of Cyber Security - A DevSecOps Story" from DevOps Days Austin 2018. John gives a sweeping (in 37 minutes) look at where cybersecurity is today and what this "DevSecOps" idea is all about.
The central message is about closing the front door to the vulnerabilities and exploits that continue to fell businesses large and small. What John describes, in his usual entertaining style, isn't about the new technology or attention-grabbing AI that dominates the cybersecurity headlines.
Instead, John makes a case for bringing the work of AppSec into the same tight feedback loops that have helped the rest of a technology organization improve how they operate. In fact, you can read between the lines and see how advancements like AI/ML will fail unless they are brought into fast feedback loops that are being established in the rest of an organization's Dev to Ops pipelines.
Even if you don't see your job as being directly related to cybersecurity, this presentation is worth your while.
What we like about this talk:
- Excellent overview of the urgency and challenges facing AppSec today.
- Good examples of the trend towards each part of the IT landscape adopting a software development lifecycle mindset (in this case plugging AppSec into delivery pipelines).
- The move towards Operations as a Services (like the move towards Continuous Delivery) enables organizations to decouple and move quicker. Integrating security is essential to staying under control while doing so.